22

The security of RSA is based on the integer factorization problem, which is a very well defined and understood mathematical problem. This problem must be solved in order to fundamentally break RSA.

What about AES (and others based on the same idea)?
Why is it difficult to break?
Is there any mathematical principle that ensures its security?

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Eiver
  • 323
  • 2
  • 8

2 Answers2

25

AES is deemed secure because:

  • Its building blocks and design principles are fully specified.
  • It was selected as part of an open competition.
  • It has sustained 15 years of attempted cryptanalysis from many smart people, in a high-exposure situation, and it came out relatively unscathed.

Another reason, which is not as good but felt important by many people:

  • It was designed by non-American cryptographers.

In asymmetric cryptography we often (try to) reduce security to a "known hard problem", a luxury which is not often encountered in symmetric cryptography, but this does not change the conceptual root of the issue: at some level, there is some "problem" for which no efficient solving algorithm is known, despite decades of research. It is not proven that the problem is necessarily hard, or even that there can exist such as thing as a necessarily hard problem, but we are just stumped when it comes to finding a solving algorithm. With AES, the "hard problem" happens to be the AES itself.

Thomas Pornin
  • 88,324
  • 16
  • 246
  • 315
5

There is no hard problem to which AES can be provably be reduced. It is believed to be difficult to break because lots of smart people have tried for more than a decade now, using the best (publically known) techniques, and so far the only successes have been marginal improvements compared to brute force.

J.D.
  • 4,455
  • 18
  • 22